AI-Powered Open Source Tool Tackles Evasive Cyberattacks

The rise in cyberattacks poses an ever-growing threat to businesses and organizations worldwide. To counteract risks like data breaches, sabotage, and extortion, many organizations have turned to Security Information and Event Management (SIEM) systems. These systems rely heavily on detection rules, often referred to as signatures, to identify malicious activity.

However, recent findings by researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics (FKIE) suggest that these conventional methods are increasingly insufficient. Attackers can bypass signatures with ease, rendering many SIEM systems ineffective. In response, Fraunhofer FKIE has introduced AMIDES (Adaptive Misuse Detection System), an open-source solution powered by artificial intelligence that can detect advanced threats beyond the reach of traditional methods.


Evolving Cyber Threats in 2024

In 2024, cyberattacks have escalated, with industrial espionage and data theft becoming more prevalent. According to a report by the Bitkom digital association, 80% of German companies have suffered from network intrusions or data breaches, resulting in economic losses amounting to billions of euros.

One of the primary challenges lies in the adaptability of attackers. Small, deliberate changes in attack methods often allow them to slip past detection mechanisms unnoticed. By the time such breaches are identified, critical data has often been stolen or tampered with.


A Breakthrough Approach: Adaptive Misuse Detection

Traditional SIEM systems depend on predefined signatures created by experts, which are effective against known threats but struggle with evasion tactics. Attackers frequently tweak their methods to bypass these rules, such as adding irrelevant characters to commands to avoid detection.

While anomaly detection has been explored as an alternative, it often generates overwhelming numbers of false positives, making it impractical for large-scale use. Fraunhofer FKIE addressed this challenge by developing AMIDES, which combines signature-based detection with supervised machine learning to identify attacks resembling known patterns but with slight modifications.


Key Features of AMIDES

AMIDES is designed to enhance existing enterprise security setups. Its capabilities include:

  • Detection of Evasion Techniques: Identifies variations of attacks that traditional signatures might miss.
  • Minimizing False Alarms: Trained to distinguish between actual threats and benign activity, reducing the noise typically associated with anomaly detection.
  • Rule Attribution: Links identified threats to specific detection rules, providing analysts with context for easier investigation.

The system extracts features from security-related events, such as program command lines, and uses a supervised model to flag variants that resemble known rule matches without matching them literally. Because it is trained on an organization's own events, AMIDES learns that environment's typical behavior patterns, allowing it to separate genuine evasions from benign deviations with precision.
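The hybrid idea above, as an added, self-contained illustration (not AMIDES code): two constructed SIEM-style rules miss command lines altered by irrelevant quote characters, while a token-based naive Bayes model trained on constructed benign events and rule-matching events still flags them and names the rule they resemble. All rules, command lines and names are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from math import log

# Constructed stand-ins for SIEM signatures (rule name -> regex over the command line).
RULES = {
    "recon_whoami_all": re.compile(r"whoami(\.exe)?\s+/all", re.I),
    "net_user_add": re.compile(r"net(\.exe)?\s+user\s+\S+\s+\S+\s+/add", re.I),
}
# Constructed training events: benign lines as seen in the organisation, plus lines that
# trigger each rule (the "misuse" class the model learns to recognise per rule).
BENIGN = [r"cmd.exe /c dir C:\Users\alice\Documents", r"cmd.exe /c whoami",
          r"powershell.exe -File C:\scripts\backup.ps1", r"git.exe pull origin main",
          r"net.exe use Z: \\fileserver\share", r"msiexec.exe /i installer.msi /quiet"]
RULE_HITS = {
    "recon_whoami_all": [r"cmd.exe /c whoami /all", r"whoami.exe /all /fo list"],
    "net_user_add": [r"net user svc_tmp Passw0rd /add", r"net.exe user helpdesk2 Hunter2 /add /domain"],
}

def signature_matches(cmd):
    """Classic SIEM path: a rule fires only when its pattern matches literally."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]

def features(cmd):
    """Bag of alphanumeric tokens; inserted quotes or extra spaces barely change it."""
    return Counter(re.findall(r"[a-z0-9]+", cmd.lower()))

class MisuseModel:
    """Multinomial naive Bayes with Laplace smoothing. Classes are 'benign' plus one class
    per rule, so the predicted class doubles as rule attribution for the analyst."""
    def __init__(self, benign, rule_hits):
        self.tok, self.docs, self.vocab = defaultdict(Counter), Counter(), set()
        for label, lines in [("benign", benign)] + list(rule_hits.items()):
            for line in lines:
                f = features(line)
                self.tok[label].update(f); self.docs[label] += 1; self.vocab.update(f)
    def predict(self, cmd):
        f, n, v = features(cmd), sum(self.docs.values()), len(self.vocab)
        def loglik(label):
            total = sum(self.tok[label].values())
            return log(self.docs[label] / n) + sum(
                c * log((self.tok[label][t] + 1) / (total + v)) for t, c in f.items())
        return max(self.docs, key=loglik)

MODEL = MisuseModel(BENIGN, RULE_HITS)

def detect(cmd):
    """Hybrid verdict: literal signature hits plus the model's attribution for near-misses."""
    return {"signature": signature_matches(cmd), "model": MODEL.predict(cmd)}

if __name__ == "__main__":
    for line in [r'cmd.exe /c whoami "/all"', r'net.exe user bob Summer2024 "/add"', r"cmd.exe /c whoami"]:
        print(line, "->", detect(line))
```

The first two lines produce no signature hit but are attributed to the rule they resemble; the plain `whoami` stays benign because the model saw it in the organisation's normal events.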


Real-World Testing and Results

Fraunhofer FKIE conducted extensive testing of AMIDES using real-world data from a German government agency. The results demonstrated the tool’s ability to identify 70% of evasion attempts without triggering false positives. Furthermore, performance metrics confirmed that AMIDES operates efficiently, even in large-scale enterprise networks, making it suitable for live deployment.


Bridging the Gap in Cybersecurity

Unlike many machine learning-based security tools that provide generic alerts, AMIDES offers meaningful context for its detections. Its integration with SIEM rules ensures that analysts can trace detected threats back to their origins, facilitating faster and more accurate responses.

“Signatures remain crucial for identifying cyberattacks, but they are not infallible,” explained Rafael Uetz, head of the Intrusion Detection and Analysis research group at Fraunhofer FKIE. He emphasized that AMIDES bridges a critical gap, offering a hybrid approach that combines the strengths of traditional signatures with the adaptability of machine learning.


A New Era of Cyber Defense

As cyber threats continue to evolve, tools like AMIDES represent a significant step forward in proactive defense. By balancing robust detection capabilities with practical usability, AMIDES provides organizations with an advanced solution to protect against increasingly sophisticated attacks.

Freely available as open-source software, AMIDES is particularly beneficial for enterprises with existing security infrastructures, enabling them to upgrade their defenses without overhauling their systems. Its development marks a promising shift toward adaptive and intelligent cybersecurity tools, capable of meeting the challenges of an ever-changing threat landscape.